8 matches found
CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
Credential Leakage
Requests is vulnerable to credential leakage. The vulnerability is due to a URL parsing issue that may expose .netrc credentials to third parties for specially crafted URLs, allowing attackers to exfiltrate sensitive authentication data...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
CVE-2024-2905
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...
CVE-2024-2905
CVE-2024-2905 affects rpm-ostree where default builds expose a world-readable /etc/shadow. Multiple Nessus advisories (RHEL 9, AlmaLinux 9, Oracle Linux 9, MiracleLinux, Fedora) reference the issue and indicate patches/backports to a fixed rpm-ostree release (e.g., versions >= 2024.4-3 or rela...
PCI v4 is coming. Are you ready?
If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...
Debian DLA-2664-1 : curl security update
Viktor Szakats reported that libcurl, an URL transfer library, does not strip off user credentials from the URL when automatically populating the Referer HTTP request header field in outgoing HTTP requests. Sensitive authentication data may leak to the server that is the target of the second HTTP...
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...